From: Dmitry Belyavskiy Date: Fri, 29 Aug 2025 11:52:55 +0000 (+0200) Subject: Implementation of EVP_SKEY_import_SKEYMGMT X-Git-Tag: openssl-3.6.0-alpha1~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1351299d601bd85b96b82ffec37d3700a6296616;p=thirdparty%2Fopenssl.git Implementation of EVP_SKEY_import_SKEYMGMT Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/28369)
---
diff --git a/crypto/evp/s_lib.c b/crypto/evp/s_lib.c
index f8d132a666f..b8cf42260c0 100644
--- a/crypto/evp/s_lib.c
+++ b/crypto/evp/s_lib.c
@@ -103,6 +103,25 @@ EVP_SKEY *EVP_SKEY_import(OSSL_LIB_CTX *libctx, const char *skeymgmtname, const
 return NULL;
 }
 
+EVP_SKEY *EVP_SKEY_import_SKEYMGMT(OSSL_LIB_CTX *libctx, EVP_SKEYMGMT *skeymgmt,
+ int selection, const OSSL_PARAM *params)
+{
+ EVP_SKEY *skey = evp_skey_alloc(skeymgmt);
+
+ if (skey == NULL)
+ return NULL;
+
+ skey->keydata = evp_skeymgmt_import(skey->skeymgmt, selection, params);
+ if (skey->keydata == NULL)
+ goto err;
+
+ return skey;
+
+ err:
+ EVP_SKEY_free(skey);
+ return NULL;
+}
+
 EVP_SKEY *EVP_SKEY_generate(OSSL_LIB_CTX *libctx, const char *skeymgmtname,
 const char *propquery, const OSSL_PARAM *params)
 {
diff --git a/doc/man3/EVP_SKEY.pod b/doc/man3/EVP_SKEY.pod
index 27ad844d7ed..2124f4e3dc4 100644
--- a/doc/man3/EVP_SKEY.pod
+++ b/doc/man3/EVP_SKEY.pod
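Review bot: Ownership of the caller's `skeymgmt` reference is not established in the new `EVP_SKEY_import_SKEYMGMT()` in crypto/evp/s_lib.c: the pointer goes straight into `evp_skey_alloc(skeymgmt)`, and the `err:` path then calls `EVP_SKEY_free(skey)`. Both helpers are defined outside the hunk, so this needs confirming, but if the allocator stores the pointer without taking its own reference, a failed import releases the caller's reference and a successful one leaves the key sharing it, which sets up a use-after-free or double free once the caller calls `EVP_SKEYMGMT_free()`. If that is the case, take a reference first with `if (!EVP_SKEYMGMT_up_ref(skeymgmt)) return NULL;` and drop it again when `evp_skey_alloc()` fails; either way the man page should say who owns the reference after the call. `libctx` is also never read in the body, so a caller passing a context other than the one the `skeymgmt` was fetched from gets no error; a comment such as `/* libctx is unused: the provider is taken from skeymgmt */` and a matching sentence in EVP_SKEY.pod would make that explicit.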
@@ -2,11 +2,10 @@ =head1 NAME -EVP_SKEY, EVP_SKEY_generate, -EVP_SKEY_import, EVP_SKEY_import_raw_key, EVP_SKEY_up_ref, -EVP_SKEY_export, EVP_SKEY_get0_raw_key, EVP_SKEY_get0_key_id, -EVP_SKEY_get0_skeymgmt_name, EVP_SKEY_get0_provider_name, -EVP_SKEY_free, EVP_SKEY_is_a, EVP_SKEY_to_provider +EVP_SKEY, EVP_SKEY_generate, EVP_SKEY_import, EVP_SKEY_import_raw_key, +EVP_SKEY_import_SKEYMGMT, EVP_SKEY_up_ref, EVP_SKEY_export, +EVP_SKEY_get0_raw_key, EVP_SKEY_get0_key_id, EVP_SKEY_get0_skeymgmt_name, +EVP_SKEY_get0_provider_name, EVP_SKEY_free, EVP_SKEY_is_a, EVP_SKEY_to_provider - opaque symmetric key allocation and handling functions =head1 SYNOPSIS @@ -23,6 +22,8 @@ EVP_SKEY_free, EVP_SKEY_is_a, EVP_SKEY_to_provider EVP_SKEY *EVP_SKEY_import_raw_key(OSSL_LIB_CTX *libctx, const char *skeymgmtname, unsigned char *key, size_t *len, const char *propquery); + EVP_SKEY *EVP_SKEY_import_SKEYMGMT(OSSL_LIB_CTX *libctx, EVP_SKEYMGMT *skeymgmt, + int selection, const OSSL_PARAM *params); int EVP_SKEY_export(const EVP_SKEY *skey, int selection, OSSL_CALLBACK *export_cb, void *export_cbarg); int EVP_SKEY_get0_raw_key(const EVP_SKEY *skey, const unsigned char **key, @@ -59,6 +60,10 @@ the B argument. The EVP_SKEY_import_raw_key() function is a helper that creates an B object containing the raw byte representation of the symmetric keys. +The EVP_SKEY_import_SKEYMGMT() function is a helper that creates an B +object containing the representation of the symmetric keys specific to the +particular B. + The EVP_SKEY_export() function extracts values from a key I using the I. I is described below. It uses a callback I that gets passed the value of I. See L for 
@@ -119,8 +124,9 @@ key I cannot be exported from its provider. =head1 RETURN VALUES -EVP_SKEY_generate(), EVP_SKEY_import() and EVP_SKEY_import_raw_key() return -either the newly allocated B structure or NULL if an error occurred. +EVP_SKEY_generate(), EVP_SKEY_import(), EVP_SKEY_import_raw_key(), and +EVP_SKEY_import_SKEYMGMT() return either the newly allocated B +structure or NULL if an error occurred. EVP_SKEY_get0_key_id() returns either a valid pointer or NULL. @@ -150,6 +156,8 @@ EVP_SKEY_get0_key_id(), EVP_SKEY_get0_provider_name(), EVP_SKEY_get0_skeymgmt_name(), EVP_SKEY_is_a(), EVP_SKEY_to_provider() were introduced in OpenSSL 3.5. +The EVP_SKEY_import_SKEYMGMT() function was introduced in OpenSSL 4.0. + =head1 COPYRIGHT Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 1603b450ff5..ec37c22d3f7 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -2322,6 +2322,8 @@ EVP_SKEY *EVP_SKEY_generate(OSSL_LIB_CTX *libctx, const char *skeymgmtname, EVP_SKEY *EVP_SKEY_import_raw_key(OSSL_LIB_CTX *libctx, const char *skeymgmtname, unsigned char *key, size_t keylen, const char *propquery); +EVP_SKEY *EVP_SKEY_import_SKEYMGMT(OSSL_LIB_CTX *libctx, EVP_SKEYMGMT *skeymgmt, + int selection, const OSSL_PARAM *params); int EVP_SKEY_get0_raw_key(const EVP_SKEY *skey, const unsigned char **key, size_t *len); const char *EVP_SKEY_get0_key_id(const EVP_SKEY *skey);